VYPR
Unrated severity · NVD Advisory · Published Aug 20, 2013 · Updated Jun 16, 2026

CVE-2013-4962

Description

The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended workstation, or other vectors.

Affected products

    • cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:* (range: <=3.0.0)
    • cpe:2.3:a:puppet:puppet_enterprise:2.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:2.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:2.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:2.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:2.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:puppet:puppet_enterprise:2.8.3:*:*:*:*:*:*:*
    • (no CPE), range: <3.0.1
